Mapimp 0.4

Author     takerZ

Description     This is an open source OllyDbg plugin which will help you to import map files

exported by IDA or Dede. There are many plugins using which you can perform similar actions, but

mapimp:

- Recognizes debugged file segments and applies names correctly
- Has an option to overwrite or skip names that intersect already defined
- Has a filter option which gives you great name demangling potential

• Filter
The main idea is to apply series of masks to every single name loaded. Mask syntax goes.
as follows:

/key[/]regex

Key “c” cuts the matched substring selected by regular expression.

[SAMPLE]
name: System::__linkproc__ GetMem(int)
mask: /c__linkproc__
applied: System::GetMem(int)
[/SAMPLE]

Key “s” skips the name if regular expression succeeds. It may be useful if you want to skip some

dummy or incorrect names.

[SAMPLE]
name: unknown_libname_2519
mask: /sunknown_libname_
applied:
[/SAMPLE]

Key “r” replaces the substring selected by regular expression with your own.

/rsubstring/regex

As you can see slash character delims your substring from the regular expression. Use double

slash to define slash as a character of your substring.

[SAMPLE]
name: System@Function(System@AnsiString;System@AnsiString)
mask: /rsys::/System@
applied: sys::Function(sys::AnsiString;sys::AnsiString)

name: System@Function(System@AnsiString;System@AnsiString)
mask: /r//_/@
applied: System/_Function(System/_AnsiString;System/_AnsiString)
[/SAMPLE]

Remember that if the name met the mask condition it will be changed, then the second mask is

applied to the changed name and so on. The order of mask applying is undefined so be careful,

because some masks may intersect.

As about regular expressions, the plugin uses pcre library which syntax is compatible with perl

regular expression. Check http://www.pcre.org for docs and sources.

http://letitbit.net/download/4104.4c9d1a75c7d9867799b30b069/Mapimp_v0.4.rar.html

About these ads